0.3.0

Vapor Security Headers 0.3.0

The release adds the ability to set page specific Content Security Policies to allow you to enable different content only when needed rather than on a whole site basis.

To add a specific CSP to a request, create a separate ContentSecurityPolicyConfiguration and then add it to the request. For example, inside a route handler, you could do:

let pageSpecificCSPVaue = "default-src 'none'; script-src https://comments.disqus.com;"
let pageSpecificCSP = ContentSecurityPolicyConfiguration(value: pageSpecificCSPValue)
request.contentSecurityPolicy = pageSpecificCSP